QUESTION 611You create a Password Settings object (PSO).You need to apply the PSO to a domain user named User1.What should you do?

A. Modify the properties of the PSO.B. Modify the account options of the User1 account.C. Modify the security settings of the User1 account.D. Modify the password policy of the Default Domain Policy Group Policy object (GPO).

QUESTION 613Your network contains an Active Directory domain. All servers run Windows Server 2008 R2. You need to audit the deletion of registry keys on each server.What should you do?

A. From Audit Policy, modify the Object Access settings and the Process Tracking settings.B. From Audit Policy, modify the System Events settings and the Privilege Use settings.C. From Advanced Audit Policy Configuration, modify the System settings and the Detailed Tracking settings.D. From Advanced Audit Policy Configuration, modify the Object Access settings and the Global Object Access Auditing settings.

QUESTION 614Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.You need to enable the Active Directory Recycle Bin.What should you use?

A. the Dsmod toolB. the Enable-ADOptionalFeature cmdletC. the Ntdsutil toolD. the Set-ADDomainMode cmdlet

QUESTION 615Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Register a service principal name (SPN) for AD RMS.B. Register a service connection point (SCP) for AD RMS.C. Configure the identity setting of the _DRMSAppPool1 application pool.D. Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS)

QUESTION 616Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the passwords of users in the remote site. What should you do?

A. Create a Password Settings object (PSO).B. Modify the Partial-Attribute-Set attribute of the forest.C. Add the user accounts of the remote site users to the Allowed RODC Password Replication Group.D. Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

QUESTION 617Your company has four offices. The network contains a single Active Directory domain. Each office has a domain controller. Each office has an organizational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the passwords for the user accounts in their respective office only. The solution must prevent the technicians from creating user accounts. What should you do?

A. For each OU, run the Delegation of Control Wizard.B. For the domain, run the Delegation of Control Wizard.C. For each office, create an Active Directory group, and then modify the security settings for each group.D. For each office, create an Active Directory group, and then modify the controlAccessRights attribute for each group.

QUESTION 618Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1.You link a new Group Policy object (GPO) named GPO10 to OU1.You need to ensure that GPO10 is applied only to client computers that run Windows 7.What should you do?

A. Create a new OU in OU1. Move the Windows XP computer accounts to the new OU.B. Enable block inheritance on OU1.C. Create a WMI filter and assign the filter to GPO10.D. Modify the permissions of OU1.

Answer: CExplanation:http://technet.microsoft.com/en-us/library/cc947846.aspxTo make sure that each GPO associated with a group can only be applied to computers running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each computer.

QUESTION 619Your network contains an Active Directory domain named contoso.com.You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes.Which security policy setting should you configure?

Answer: CExplanation:http://technet.microsoft.com/en-us/library/dd772641.aspxAudit Directory Service ChangesThis security policy setting determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).http://technet.microsoft.com/en-us/library/cc731607.aspxAD DS Auditing Step-by-Step GuideThis guide includes a description of the new Active Directory® Domain Services (AD DS) auditing feature in Windows Server® 2008. With the new auditing feature, you can log events that show old and new values; for example, you can show that Joe’s favorite drink changed from single latte to triple-shot latte.

QUESTION 620Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest. You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest. What should you do?

A. Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.B. Create an external trust from nwtraders.com to contoso.com.C. Add a trusted user domain to the AD RMS cluster in the contoso.com domain.D. Create an external trust from contoso.com to nwtraders.com.

Answer: CExplanation:http://technet.microsoft.com/en-us/library/hh311036.aspxUsing AD RMS trustIt is not necessary to create trust or federation relationships between the Active Directory forests of organizations to be able to share rights-protected information between separate organizations. AD RMS provides two types of trust relationships that provide this kind of rights-protected information exchange. A trusted user domain (TUD) allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.

2015 Latest Released Microsoft 70-640 Exam Dumps Free Download From Braindump2go Now! All Questions and Answers are chcked again by Braindump2go Experts Team, 100% Real Questions and Correct Answers Guaranteed! Full Money Back Guarantee Show our Confidence in helping you have a 100% Success of Exam 70-640! Just have a try!